



    iptables, formerly known as ipchains, is a command line interface that controls access rules for netfilter. netfilter is the packet filtering framework in the 2.4 and later series Linux kernels, i.e. the firewall.

    By default there are no rules, and the policies are to ACCEPT all traffic, inbound and outbound.

    These terms are important to know when working with iptables:

    • Tables - a container for the chains
    • Chains - the direction of the packet
    • Targets - what is going to happen to the packet

    These are important.

    CREATED 2019-04-26 00:44:59.0


    UPDATED 2020-03-05 12:26:41.0

    The Tables...

    Tables (hence iptables):

    • filter - this is the default. If you don't specify a table it goes here.
    • mangle - contains rules to mangle packet headers
    • nat - rules for Network Address Translation
    • raw - rules for packets regardless of state.

    You can also create custom tables. In a rule, the -j parameter is for jump, which can be to another table.

    CREATED 2019-04-25 19:24:04.0


    UPDATED 2020-03-05 12:26:37.0

    The Chains...

    Chains operate within the tables.

    CREATED 2019-04-25 19:24:23.0


    UPDATED 2020-03-05 12:26:32.0


    iptables -t filter -A INPUT -m connlimit ...

    Use extensions with the -m (or --match) argument.

    This example loads the connlimit match module.

    CREATED 2019-04-25 19:42:37.0


    UPDATED 2020-03-05 12:26:25.0


    connlimit limits connections

    From the iptables man pages:

    • --connlimit-upto n - the number of existing connections is below n
    • --connlimit-above n - the number of existing connections is above n
    • --connlimit-mask 0-32 - the subnet mask (prefix length) used to group addresses
    • --connlimit-saddr - apply the limit to the source address (the default)
    • --connlimit-daddr - apply the limit to the destination address

    CREATED 2019-04-25 19:42:54.0


    UPDATED 2020-03-05 12:26:21.0

    Two NICs...

    The situation. We have a multihomed machine that operates on two different networks.

    • Network A -
    • Network B -

    We must do three things to address this situation:

    • Create two routing tables - done in /etc/iproute2/rt_tables
    • Add a route to the interfaces file for each interface
    • Add a rule to the interfaces file for each NIC.

    First the tables file... in the /etc/iproute2/rt_tables file add two lines...

        1 routeA
        2 routeB

    This indicates that route 1 is routeA and route 2 is routeB.

    Next add the routes to the /etc/network/interfaces file for the first network card (eth0) that will operate on routeA i.e.

        allow-hotplug eth0
        iface eth0 inet static
            address
            gateway
            post-up ip route add dev eth0 src table routeA
            post-up ip route add default via dev eth0 table routeA
            post-up ip rule add from table routeA
            post-up ip rule add to table routeA

    This tells the system to use eth0 for anything addressed to or from

    Next in the same file add a second stanza, routes and rules to address the second network (

        allow-hotplug eth1
        iface eth1 inet static
            address
            gateway
            # the routes for the second network go out eth1 (the original stanza said eth0, a copy-paste slip)
            post-up ip route add dev eth1 src table routeB
            post-up ip route add default via dev eth1 table routeB
            post-up ip rule add from table routeB
            post-up ip rule add to table routeB
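    The connlimit rule and the two-NIC routing stanzas above, as an added shell example that is not part of the original notes: two helpers that generate the commands so they can be reviewed before they are applied. The helper names are hypothetical, and the addresses are constructed from RFC 5737 documentation ranges.

```shell
#!/bin/sh
# Added example, not from the original notes. Two helpers that emit the
# commands the notes describe, for review before they are run:
#   connlimit_rule  - an iptables connlimit rule for the INPUT chain
#   policy_routes   - the post-up ip route / ip rule lines for one NIC
# Addresses used below are constructed (RFC 5737 documentation ranges).

# connlimit_rule PORT LIMIT MASK
# Rejects new TCP connections to PORT once a source group (hosts sharing the
# first MASK bits of their address) already holds more than LIMIT connections.
connlimit_rule() {
    port=$1 limit=$2 mask=$3
    case $mask in
        ''|*[!0-9]*) echo "mask must be a prefix length 0-32" >&2; return 1 ;;
    esac
    [ "$mask" -le 32 ] || { echo "mask must be a prefix length 0-32" >&2; return 1; }
    # -t filter is the default table; -m connlimit loads the match extension;
    # --connlimit-saddr groups by source address (the default, spelled out here).
    printf 'iptables -t filter -A INPUT -p tcp --syn --dport %s -m connlimit --connlimit-above %s --connlimit-mask %s --connlimit-saddr -j REJECT --reject-with tcp-reset\n' \
        "$port" "$limit" "$mask"
}

# policy_routes IFACE ADDR NETWORK GATEWAY TABLE
# Emits the four post-up lines of the interfaces stanza with the blanks filled
# in: a connected route and a default route in TABLE, plus rules sending
# traffic from or to this NIC's network through TABLE.
policy_routes() {
    iface=$1 addr=$2 net=$3 gw=$4 table=$5
    printf 'post-up ip route add %s dev %s src %s table %s\n' "$net" "$iface" "$addr" "$table"
    printf 'post-up ip route add default via %s dev %s table %s\n' "$gw" "$iface" "$table"
    printf 'post-up ip rule add from %s table %s\n' "$net" "$table"
    printf 'post-up ip rule add to %s table %s\n' "$net" "$table"
}

# Constructed sample: Network A on eth0 (table routeA), Network B on eth1 (table routeB).
connlimit_rule 22 10 24
policy_routes eth0 192.0.2.10 192.0.2.0/24 192.0.2.1 routeA
policy_routes eth1 198.51.100.10 198.51.100.0/24 198.51.100.1 routeB
```

    Pipe the output into a shell (or paste the post-up lines into the matching iface stanza) only after checking that the network, source address and table name line up for each NIC.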

    CREATED 2020-03-05 12:25:31.0


    UPDATED 2020-03-05 12:26:15.0



    ©2012 Leistware Data Systems
